[Update] GITHUB action that creates docker container to make attested and sbom image

samatstariongroup · samatstariongroup · commit cfaa971d830f · 2025-08-08T15:18:16.000+02:00
diff --git a/.github/workflows/web-app-publish-docker-container.yml b/.github/workflows/web-app-publish-docker-container.yml
@@ -11,14 +11,24 @@ jobs:
     steps:
     - name: checkout branch
       uses: actions/checkout@v4
+
     - name: Login to DockerHub Registry
       run: echo ${{ secrets.DOCKERHUB_PASSWORD }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin
+
     - name: Get the version
       id: vars
       run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
-    - name: Build the Docker image and tag
-      run: docker build -f reqifviewer/Dockerfile -t stariongroup/reqifviewer:latest -t stariongroup/reqifviewer:${{ steps.vars.outputs.tag }} .
-    - name: push $RELEASE_VERSION tag
-      run: docker push stariongroup/reqifviewer:${{ steps.vars.outputs.tag }}
-    - name: push latest tag
-      run: docker push stariongroup/reqifviewer:latest
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v2
+
+    - name: Build the Docker image, include SBOM and Provenance, and push
+      run: |
+        docker buildx build \
+          --platform=linux/amd64 \
+          -f reqifviewer/Dockerfile \
+          -t stariongroup/reqifviewer:latest \
+          -t stariongroup/reqifviewer:${{ steps.vars.outputs.tag }} \
+          --sbom=true \
+          --provenance=true \
+          --push
